glivo1

Hi Kevin, Yes!!! Hmmmm??? Thanks. I was highly suspicious of the HDD at first, and I still am. However, one of the first things I did, before logging on here, was to swap the HDD out with a known good HDD from a decommissioned system of mine. This only confuses the issue though, as it was sluggish as well. So, I was actually wondering if it may be a problem with the Motherboard. My first thought was hardware but then I started to get the errors with running Total AV and the installation of MBAM which made me suspect possible malware. It could have been both I guess. I have already used Administrator Command Prompt and run CHKDSK the other day without the Repair switch and it didn't report any errors on either partition. Either way, there will be a slight delay today as my daughter's boyfriend (a photographer) tries to back up nearly 800 Gb of digital photos on the D:\ partition. Last night I suggested it is best to attempt this now while the drive is still alive and before I run CHKDSK /R. I'm amazed that he doesn't have a backup copy on an External Drive. By the way, apparently Total AV was only recently installed on this machine after the boyfriend bought a new laptop only a few months ago. This included the licence to install Total AV for 4 devices with that purchase. I don't know anything about the program. Update: Oh dear!! I have just gone to the kitchen to make a coffee and turned the monitor on. The screen is telling me that it is "Repairing disk errors. This might take over an hour to complete." I have no idea how long it has been like that as it was normal Windows screen when I went to bed. I guess we'll have to wait and see what happens here. Before I end up wasting any more of your time, did you notice anything in the logs that indicated Malware? If it is just a hardware problem I don't think we should tie you up. If we get that far I will post you the report from CHKDSK /R either way. Cheers and Thanks so far, Greg It's all academic now. Catastrophic failure of HDD. BIOS says SATA Port 1 is Empty. I had installed a second working System disk and booted to Windows from that as the original HDD would no longer boot. I was able to see both partitions of the original HDD (now I:\Windows and J:\Data) in File Explorer. I had an external 2 TB USB HDD connected which was showing as drive K:\. I created a new folder on the External drive, but as soon as I tried to copy a few data files over it told me "You are trying to access a device that doesn't exist". I tried to actually view a photograph file from the J:\Data drive but the Photos App could not open the file. I thought shut every thing down and try again, clicked Power / Shut down and Windows told me "Preparing to Shut Down Windows. Do not turn you computer off." After a long delay with the spinning wheel the computer appeared to shut down normally. Both HDDs are now DEAD. We are now hoping that all of the data can be recovered by a specialist data recovery service.

Kevin, Here are the 3 files. Computer still very sluggish and at times completely unresponsive for minutes at a time. Other times is seems to be functioning normally. When it is unresponsive Task Manager Disk 0 is running 100% Active time. Not sure if this has anything to do with my problem. Still occasionally getting the napinsp.dll error, most recently in relation to LogiOptionsMgr.exe - Bad Image. Greg Addition.txt Fixlog.txt FRST.txt

Kevin, That took some doing. napinsp.dll error message up almost continuously. Anyway, after finally getting MBAM to run, it detected nothing and there was no log file. Here is the Adwcleaner log copy/pasted and the FRST and Addition files are attached. # ------------------------------- # Malwarebytes AdwCleaner 8.1.0.0 # ------------------------------- # Build: 02-15-2021 # Database: 2021-03-09.1 (Cloud) # Support: https://www.malwarebytes.com/support # # ------------------------------- # Mode: Clean # ------------------------------- # Start: 03-18-2021 # Duration: 00:00:01 # OS: Windows 10 Home # Cleaned: 7 # Failed: 0 ***** [ Services ] ***** No malicious services cleaned. ***** [ Folders ] ***** Deleted C:\ProgramData\SecuritySuite Deleted C:\ProgramData\TotalAV Deleted C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\TotalAV ***** [ Files ] ***** No malicious files cleaned. ***** [ DLL ] ***** No malicious DLLs cleaned. ***** [ WMI ] ***** No malicious WMI cleaned. ***** [ Shortcuts ] ***** No malicious shortcuts cleaned. ***** [ Tasks ] ***** No malicious tasks cleaned. ***** [ Registry ] ***** Deleted HKCU\Software\SSProtect Deleted HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.totalav.passwordvaultassistant Deleted HKLM\SOFTWARE\Mozilla\NativeMessagingHosts\com.totalav.passwordvaultassistant Deleted HKLM\System\CurrentControlSet\Services\EventLog\Application\SecurityService ***** [ Chromium (and derivatives) ] ***** No malicious Chromium entries cleaned. ***** [ Chromium URLs ] ***** No malicious Chromium URLs cleaned. ***** [ Firefox (and derivatives) ] ***** No malicious Firefox entries cleaned. ***** [ Firefox URLs ] ***** No malicious Firefox URLs cleaned. ***** [ Hosts File Entries ] ***** No malicious hosts file entries cleaned. ***** [ Preinstalled Software ] ***** No Preinstalled Software cleaned. ************************* [+] Delete Tracing Keys [+] Reset Winsock ************************* AdwCleaner[S00].txt - [1948 octets] - [18/03/2021 12:19:21] ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ########## Addition.txt FRST.txt

Family member's PC running very slow. Excessive background HDD activity. MBAM will not run after install so no "threat scan logs". MBAM.exe - bad image. C:\WINDOWS\System32\napinsp.dll is either not designed to run on Windows or it contains an error. etc etc. A different Virus scan software already on the PC (Total AV) runs briefly then causes "Blue Screen" followed by restart and then goes to BIOS. Highly suspicious of Malware. Addition.txt FRST.txt

Windows 10 is a lucky dip. You never know what your going to get,. Each time I install it there is a different issue. This time it is stuck on updates. They all downloaded but then I get a message telling me there is a problem, but we'll try again later. That's nice isn't it? I haven't tried System Restore again yet. You should see the backdoors being used to fix this issue. Hardly suitable for the average Joe.

I am giving W10 one more try. I have nothing to lose. I'll let you know tomorrow. My USB MEDIA wouldn't work earlier today so I had to go back to my DVD. I suppose there is the possibility that my installation was corrupted. I have never had such a problem getting an O/S on a computer before and I've done hundreds.

As I've let you know by pm System Restore is now a bigger problem. I can use a different browser but when this security tool doesn't work we have a problem.

I'm not going mad. Microsoft is run by morons. Windows 10 ISO is now too big for Single Layer DVD. How smart is that. You'd think they could at least adjust the download tool to tell people.

I may be mistaken about Donna Account running Edge in Safe Mode when set to Admin type this morning. (I don't think so but all is pointing to that) My son's Admin account (created by default during installation and the only account present) won't run Edge in Safe Mode on his PC. It is being called as a Built-in as well. The Built in System Administrator account on his PC is still set to inactive. Could be either a) a Windows 10 bug, b) meant to be that way, or c) a problem with my installation disk. I'll download a new ISO and create a new one just to be sure. I'll be off-line now while I remove the partition and reinstall windows so good night for now. I'll be back tomorrow. I do really appreciate your being there. I know you don't have to.

I also think that the thing about any Admin account not running Edge in Safe Mode, and being called as a Built-in Admin, is a bug in Windows. But Donna account definitely did run earlier today. I'm about to test that theory out on my son's gaming PC. There is only 1 account, created when Windows was installed, so it should be set to secondary Administrator. If it is called as a Built-in Admin in Safe Mode we can just call that a Windows bug. I'll let you know but it is all academic now as I'm going to do a clean start. I've backed up what I want to put back on later as minimally as I can.

New user (New) has Admin rights: Can run Edge in normal startup with no hangs under heavy load. (5 tabs, refresh, search, video frame, online shop, news all together for several minutes.) BUT: not in Safe Mode W/Network. 1/ All Admin accounts now won't run Edge in Safe Mode W/Network. All Admin accounts treated as Built-in Admin in Safe Mode. 2/ Earlier today Donna account definitely ran Edge in Safe Mode. First as Admin then as Standard user. I just swapped account type back to Admin again and now won't. 3/ Actual built-in System Admin account won't run Edge at all in Safe Mode or Normal startup. 4/ All users other than mine (and System Admin) run Edge without hangs.

Did the logs clear when we reset the counters on Sunday afternoon my time, ie 48 hours ago? I didn't count earlier but there was lots of Event ID 1002 occurrences over the last week to 10 days but now I can only see yesterday and today. There were 8 yesterday and another 4 today, although I haven't been using the computer in the way that causes these hangs to occur, ie using Edge browser. These listed instances are basically just me testing for it. My user account that is causing these, continues to do so even after I've set it to Standard user type instead of Administrator. This is shown in the top 3 instances in the screen shot. I can quite easily deliberately cause them now that I now what they are. I'm about to do a Safe Mode startup to see if the system still considers this account to be a Built-in Administrator. If it does Edge won't run in Safe Mode. I think I'll begin to rebuild after that. Even if I can get the thing to work "properly" using the newly created user account, I can't fully trust it. I worry about backing up and then migrating back to the clean system. I fear that I may just reintroduce the problem back over yet again. Straight data files aren't a problem but settings for browsers, desktops and email accounts etc worry me.

OK. I've done that. CMD Admin seemed to work as expected. Disable Performance Counters didn't exist. Services\Winmgmt\ start value was still on 2 (Automatic). Rebooted. Windows log in screen - no input devices again. Turned of with power button and back on. Now back in.

No good. Back to it's same useless state after only an hour or so.

PC carked it earlier today. Absolutely no ability to browse using Edge or Chrome. I backed up my music files manually as well as manual backup of both \Users\_____ directories and did a Windows "Repair Installation" from DVD from within Windows10. I selected keep settings and files. This process took several hours to complete with about 3 restarts along the way, but maybe it was required. When it finished I had no mouse or keyboard so I had to turn off and back on. They came back. My resource traces for CPU and Memory appear to be much better for now. Edge appears to be responding faster and so far has not "Hung" although it is still showing the other errors in Event Viewer. I am less than happy with my experience with Windows 10 so far. Is there anything you would like me to do? Or should we just observe for now? I'm about ready to format and start again if it drops out again.

These crops from screenshots yesterday (Task Manager) show what I'm seeing.

OK. So that is all done and have rebooted 3 times. MBAM loaded and updated as intended. Here are FRST text logs attached. A few things to consider. 1/ Fresh install Windows 10 on brand new / unused HDD 2 weeks ago today. Same Windows install disk used on son's computer without issue. (different reg'n license key obviously) 2/ Some Apps didn't work from scratch. (There could be more than I presently know of.) - Bing Weather could not change location. (Removed in Powershell and reinstalled from Store) - Fixed. - Photos would not open image files. Reset in Settings. - Fixed. - One Note doesn't work at all and haven't tried to fix it. I don't even know what it does really. It pops up then disappears for unknown reason on a couple of occasions. Not sure if this is "normal" for W10 or not. 3/ MBAM and Avira installed immediately. Avira removed to allow Defender instead. MBAM Trial ends today. Pay up or go Free version? 4/ When trying to perform Microsoft community forum fixes for Edge crashes, sfc/scannow reports no problems, however Apps Troubleshooter yesterday reported "Store cache may be damaged - X not fixed". Plenty of people have issues with Edge apparently. 5/ Unexplained reappearance of files from old Windows 7 in Recycle Bin. Huge amount that remained "phantom" for 3 "Empty Bin" procedures. I can't explain this at all. 6/ Conflicting reports about levels of fragmentation. Windows disk Optimize says 3% while several 3rd party say over 50%. I have kept a hand written daily "journal" log of almost everything done. If you can't see anything obvious, I think I'm about to go and buy an Apple Mac. I don't expect this from a brand new build of Microsoft Windows 10. The problems began to appear and have worsened since day 0. Addition.txt FRST.txt

Sophos Free Virus Removal Tool found 0 threats. I'm about to start the process you outlined in the PM. Did you survive the night?

Sure. Goodnight.

Had to uninstall Sophos, reinstall but it wouldn't launch. Navigated to program directory and ran SVRTgui.exe manually. Scanning now. Task manager seems to point to Edge and MBAM as heavy resource users. Often MBAM is at the top. I know there is something going on here.

Here is the other stuff. Sophos just wont run. Tried 3 times, Run as Admin, delete and download again. Will try to find it somewhere else. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Malwarebytes Version: 8.1.0 (12.05.2016) Operating System: Windows 10 Pro x64 Ran by Greg (Administrator) on Sat 18/02/2017 at 19:23:18.90 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ File System: 1 Successfully deleted: C:\Windows\wininit.ini (File) Registry: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Sat 18/02/2017 at 19:27:13.63 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # AdwCleaner v6.043 - Logfile created 18/02/2017 at 19:40:51 # Updated on 27/01/2017 by Malwarebytes # Database : 2017-02-13.1 [Server] # Operating System : Windows 10 Pro (X64) # Username : Greg - DESKTOP-7TR2UNP # Running from : C:\Users\Greg\Desktop\AdwCleaner.exe # Mode: Clean # Support : https://www.malwarebytes.com/support ***** [ Services ] ***** ***** [ Folders ] ***** ***** [ Files ] ***** ***** [ DLL ] ***** ***** [ WMI ] ***** ***** [ Shortcuts ] ***** ***** [ Scheduled Tasks ] ***** ***** [ Registry ] ***** [-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\solvusoft.com [-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.solvusoft.com [-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\solvusoft.com [-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.solvusoft.com [#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\solvusoft.com [#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.solvusoft.com [#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\solvusoft.com [#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.solvusoft.com ***** [ Web browsers ] ***** ************************* :: "Tracing" keys deleted :: Winsock settings cleared ************************* C:\AdwCleaner\AdwCleaner[C0].txt - [2520 Bytes] - [18/02/2017 19:40:51] C:\AdwCleaner\AdwCleaner[S0].txt - [2808 Bytes] - [18/02/2017 19:40:10] ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [2666 Bytes] ########## Addition.txt AdwCleaner[C0].txt FRST.txt JRT.txt

Having no luck with Sophos. Error 1606 Can't find Network Path.

Sure. Thanks and stay dry. We are having severe electrical storms.

Sure. I'll get right on it now. This was the first instance of a problem with Edge. 15 seconds after ads.pubmatic.com.